Sign MSIX files with SignTool (workaround solution)
SignTool currently cannot sign unsigned .msix files when used with Signing Manager Controller (SMCTL). This limitation stems from the way SignTool handles .msix packages that use certificate-based signing through a Key Storage Provider (KSP).
As a workaround, you can use the open-source sign tool provided by Microsoft.
Note
This tool works only on Windows and with RSA keypairs.
Install the tool:
dotnet tool install --tool-path . --prerelease sign
Obtain your certificate fingerprint (SHA-256):
openssl x509 -noout -fingerprint -sha256 -in rsa_endentity.crt | cut -d '=' -f2 | sed -s s/://g
Sign the .msix file:
sign code certificate-store \ -cf Path\to\rsa_endentity.crt \ -td sha256 \ -csp "DigiCert Signing Manager KSP" \ -k yourKeypairAlias \ -cfp yourSha256FingerprintString \ Path\to\YourApp.msix